Block Bad Bots and Stop Bad Bots Crawlers and Spiders...

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Description

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check on the 'stopbadbots_check_wordpress_logged_in_cookie' function in all versions up to, and including, 11.58. This makes it possible for unauthenticated attackers to bypass blocklists, rate limits, and other plugin functionality.

Basic Information

ID CVE-2025-9376

Source Wordfence

Published Aug 28, 2025 at 11:16

Affected Product

Vendor sminozzi

Product Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection

Version *

Affected Versions sminozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection *

CWE Classification

CWE-863

References

{
    "lastseen": "",
    "description": "The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check on the 'stopbadbots_check_wordpress_logged_in_cookie' function in all versions up to, and including, 11.58. This makes it possible for unauthenticated attackers to bypass blocklists, rate limits, and other plugin functionality.",
    "published": "2025-08-28T11:16:21.743Z",
    "modified": "2025-08-28T11:16:21.743Z",
    "type": "cve",
    "title": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 11.58 - Insufficient Authorization to Unauthenticated Blocklist Bypass",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8d6b0d86-3cb4-4723-b677-141c604f00cc?source=cve\nhttps://plugins.trac.wordpress.org/browser/stopbadbots/trunk/stopbadbots.php#L1958\nhttps://plugins.trac.wordpress.org/changeset/3350927/\nhttps://plugins.trac.wordpress.org/changeset/3351023/",
    "id": "CVE-2025-9376",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "sminozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection *",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
    "version": "*",
    "vendor": "sminozzi",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 11.58 - Insufficient Authorization to Unauthenticated Blocklist Bypass_CVE-2025-9376